David Thaw is an Assistant Professor at the University of Pittsburgh. He holds appointments in the Schools of Law, Computing and Information, and Public and International Affairs. David is an internationally-recognized expert in law and technology. His research and scholarship examine issues of cybersecurity regulation, cybercrime, cyber warfare, and related questions of privacy and cyberlaw. In addition to his cyber work, Professor Thaw is also a scholar of administrative and criminal law.
David teaches several cyber-related courses, including courses on cybersecurity law and on cybercrime. He also teaches administrative law, criminal law, criminal procedure, and constitutional law.
Professor Thaw's legal scholarship has appeared in venues including the Washington Law Review, Connecticut Law Review, the Journal of Criminal Law and Criminology and the Yale Law Journal Online. His cybersecurity instructional text, Cybersecurity: An Interdisciplinary Problem (with Gus Hurwitz and Derek Bambauer) is under contract with West Academic Publishing.
Comprehensive information regarding Professor Thaw's scholarship, technical research, teaching and other activities are available on his website at www.davidthaw.com.
- Data Breach (Regulatory) Effects, 2015 Cardozo L. Rev. de novo 105 (2015). Available on SSRN.
- Reasonable Expectations of Privacy Settings: Social Media and the Stored Communications Act, 13 Duke L. & Tech. Rev. 36 (2015). Available on SSRN.
- Surveillance at the Source, 103 Ky. L. J. 405 (2015). Available on SSRN.
- Enlightened Regulatory Capture, 89 Wash. L. Rev. 329 (2014). Available on SSRN.
- Invited Blogging: Enlightened Regulatory Capture, REGBLOG (Nov. 12, 2013).
- The Efficacy of Cybersecurity Regulation, 30 Ga. St. U. L. Rev. 287 (2014). Available on SSRN.
- Invited Congressional Testimony: Reporting Data Breaches: Is Federal Legislation Needed to Protect Consumers?, Hearing Before the House Energy & Commerce Comm., Subcomm. on Commerce, Mfg., & Trade, 113th Cong. (July 18, 2013) (Testimony of David Thaw, Visiting Assistant Professor of Law, University of Connecticut).
- Invited Blogging: A Flexible Approach to Cybersecurity Regulation, REGBLOG (July 9, 2013).
- Criminalizing Hacking, Not Dating: Reconstructing the CFAA Intent Requirement, 103 J. Crim. L. & Criminology 907 (2013). Available on SSRN.
- When Machines Are Watching: How Warrantless Use of GPS Surveillance Technology Terminates The Fourth Amendment Right Against Unreasonable Search, 121 Yale L. J. Online 177 (2011) (with Priscilla Smith, Nabiha Syed & Albert Wong). Available on SSRN.
- User Choices and Regret: Understanding Users' Decision Process about Consensually Acquired Spyware, 2 I/S: J. L. & Pol. Info. Soc'y 283 (2006) (with Nathaniel Good, Jens Grossklags, Aaron Perzanowski, Deirdre Mulligan, & Joseph Konstan). Available on SSRN.
Scientific, Policy, and Other Academic Publications (Selected):
- David B. Thaw, Characterizing, Classifying, and Understanding Information Security Laws and Regulations: Considerations for Policymakers and Organizations Protecting Sensitive Information Assets (May 12, 2011) (Ph.D. dissertation, University of California, Berkeley (on file with the University of California).
- David Thaw, Neha Gupta, and Ashok Agrawala, Proposal for a "Down-the-Chain" Notification Requirement in Online Behavioral Advertising Research and Development, W3C Workshop on Web Tracking and User Privacy (Apr. 28, 2011).
- Thaw, D., Feldman, J., Li, J. (2008). CoPE: Democratic CSCW in Support of e-Learning. In proceedings of the International Workshop on Collaborative E-learning Systems and Application (CESA 2008) (pp. 481-486). Barcelona, Spain. IEEE Computer Society. ISBN: 0-7695-3109-1/08.
- Jerome Feldman, Daniel Lee, and David Thaw. "Communities of Practice Environment." The Internet and Society, Morgan, Bebbia, and Spector (eds.), Southampton: WIT Press, 2006.